https://bugzilla.mindrot.org/show_bug.cgi?id=2729

            Bug ID: 2729
           Summary: Can connect with MAC hmac-sha1 even though it's not
                    configured on the server
           Product: Portable OpenSSH
           Version: 7.5p1
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: security
          Priority: P5
         Component: ssh
          Assignee: [email protected]
          Reporter: [email protected]

Created attachment 2995
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2995&action=edit
wireshark trace for key exchange init packet

I have a 7.5p1 server with the following MACs in the sshd_config:
MACs [email protected],[email protected],hmac-sha2-512,hmac-sha2-256

I am using a 7.5p1 client as below:
ssh -m hmac-sha1 user@<IP>

It lets me connect, although as per RFC
https://www.ietf.org/rfc/rfc4253.txt it should just disconnect.

I have attached wireshark screenshots for client and server "Key
Exchange Init" packets which list the relevant contents.



OS: CentOS 7
SSH version: 7.5 p1

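The following is an added example, not part of the bug report and not OpenSSH code: a Python model of the RFC 4253 section 7.1 name-list matching the report refers to, together with OpenSSH's handling of AEAD ciphers, where the MAC lists are not compared at all. The report does not state which cipher was negotiated; every algorithm list below is a constructed sample, and the function names are hypothetical.

```python
# Added example: models SSH algorithm negotiation (RFC 4253 section 7.1) and
# OpenSSH's AEAD behaviour. All lists are constructed samples, not the
# reporter's configuration.

# OpenSSH ciphers that authenticate packets themselves (AEAD modes).
AEAD_CIPHERS = {
    "chacha20-poly1305@openssh.com",
    "aes128-gcm@openssh.com",
    "aes256-gcm@openssh.com",
}


class NoCommonAlgorithm(Exception):
    """Raised where a real implementation would disconnect."""


def first_match(client, server, kind):
    # RFC 4253 7.1: choose the first name on the client's list that the
    # server also lists; with no common name the connection is dropped.
    for name in client:
        if name in server:
            return name
    raise NoCommonAlgorithm(f"no matching {kind}")


def negotiate(client_ciphers, server_ciphers, client_macs, server_macs):
    cipher = first_match(client_ciphers, server_ciphers, "cipher")
    if cipher in AEAD_CIPHERS:
        # OpenSSH skips MAC selection for AEAD ciphers; `ssh -vv` shows the
        # MAC as "<implicit>" and the -m / MACs lists are never compared.
        return cipher, "<implicit>"
    return cipher, first_match(client_macs, server_macs, "MAC")


# Constructed server settings: SHA-2 MACs only, hmac-sha1 absent.
SERVER_MACS = ["hmac-sha2-512-etm@openssh.com", "hmac-sha2-256-etm@openssh.com",
               "hmac-sha2-512", "hmac-sha2-256"]
SERVER_CIPHERS = ["chacha20-poly1305@openssh.com", "aes256-ctr"]
CLIENT_MACS = ["hmac-sha1"]  # what `ssh -m hmac-sha1` offers

if __name__ == "__main__":
    # Client prefers an AEAD cipher: the session proceeds, MAC is implicit.
    print(negotiate(["chacha20-poly1305@openssh.com", "aes256-ctr"],
                    SERVER_CIPHERS, CLIENT_MACS, SERVER_MACS))
    # Client offers only a non-AEAD cipher: the MAC lists now matter.
    try:
        negotiate(["aes256-ctr"], SERVER_CIPHERS, CLIENT_MACS, SERVER_MACS)
    except NoCommonAlgorithm as exc:
        print("disconnect:", exc)
```

To see which case applies to a real session, the `debug1: kex:` lines printed by `ssh -vv` name the negotiated cipher and MAC for each direction.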